[SECURITY] [DLA 4328-1] linux-6.1 security update

Debian LTS Advisory DLA-4328-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings October 13, 2025 https://wiki.debian.org/LTS Package : linux-6.1 Version : 6.1.153-1 CVE ID : CVE-2024-36331 CVE-2024-36350 CVE-2024-36357 CVE-2024-36913 CVE-2024-41013 CVE-2024-47704...

Ubuntu: Security Advisory (USN-7776-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux Distros Unpatched Vulnerability : CVE-2025-38138

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Add NULL check in udmaprobe devmkasprintf returns NULL when memory allocation...

CVE-2025-38138 affecting package kernel for versions less than 6.6.96.1-1

CVE-2025-38138 affecting package kernel for versions less than 6.6.96.1-1. A patched version of the package is available...

CVE-2025-38138

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Add NULL check in udmaprobe devmkasprintf returns NULL when memory allocation fails. Currently, udmaprobe does not check for this case, which results in a NULL pointer dereference. Add NULL check after devmkasprint...

CVE-2025-38138 dmaengine: ti: Add NULL check in udma_probe()

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Add NULL check in udmaprobe devmkasprintf returns NULL when memory allocation fails. Currently, udmaprobe does not check for this case, which results in a NULL pointer dereference. Add NULL check after devmkasprint...

CVE-2025-38138

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Add NULL check in udmaprobe devmkasprintf returns NULL when memory allocation fails. Currently, udmaprobe does not check for this case, which results in a NULL pointer dereference. Add NULL check after devmkasprint...

CVE-2025-38138

CVE-2025-38138 concerns the Linux kernel TI DMA engine, specifically the ti udmaProbe path. The root cause is a NULL pointer dereference when devm_kasprintf() returns NULL due to memory allocation failure, because udma_probe() did not check this return value. The vulnerability is mitigated by a p...

CVE-2021-38138

OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release...

Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries

Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification MMS protocol that, if successfully exploited, could have severe impacts in industrial environments. "The vulnerabilities could allow an attacker to crash an industrial...

CVE-2024-38138

creationtimestamp| type| source ---|---|--- 2024-08-13 18:05:01+00:00| seen| https://www.thezdi.com/blog/2024/8/13/the-august-2024-security-update-review...

CVE-2024-38138 Windows Deployment Services Remote Code Execution Vulnerability

...

CVE-2024-38138 Windows Deployment Services Remote Code Execution Vulnerability

...

CVE-2024-38138

Technical details (affected products/versions/root cause/impact/remediation) are not present in the provided documents. Monitor for updates from Microsoft and CVE databases for concrete details, fixes, and confirmed impact.

CVE-2023-38138

creationtimestamp| type| source ---|---|--- 2023-08-02 20:39:24+00:00| seen| https://t.me/cibsecurity/67603...

CVE-2023-38138

A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluate...

CVE-2023-38138 BIG-IP Configuration utility vulnerability

A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluate...

CVE-2023-38138

CVE-2023-38138 affects BIG-IP Configuration utility pages and is a reflected XSS vulnerability that can execute JavaScript in the context of the currently logged-in user. Public documentation in connected sources confirms impact on BIG-IP (Configuration utility) and that exploitation could lead t...

CVE-2023-38138 BIG-IP Configuration utility vulnerability

A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluate...

CVE-2022-38138

The Triangle Microworks IEC 61850 Library Any client or server using the C language library with a version number of 11.2.0 or earlier and any client or server using the C++, C, or Java language library with a version number of 5.0.1 or earlier and 60870-6 ICCP/TASE.2 Library Any client or server...